Verified Compilers for a Multi-Language World

Amal Ahmed

Though there has been remarkable progress on formally verified
compilers in recent years, most of these compilers
suffer from a
serious limitation: they are proved correct under the assumption that
they will only be used to compile whole programs. This is an
unrealistic assumption since most software systems today are composed
of components written in different languages---both typed and
untyped---compiled by different compilers to a common target, as well
as low-level libraries that may be handwritten in the target language.
We are pursuing a new methodology for building verified compilers for
today's world of multi-language software. The project has two central
themes, both of which stem from a view of compiler correctness
as a language interoperability problem. First, to specify
correctness of component compilation, we require that if a source
component $s$ compiles to target component $t$, then $t$ linked with any
target code $t'$, however produced, should behave the same as $s$
interoperating with $t'$. The latter demands a formal semantics of
interoperability between the source and target languages. Second, to
enable safe interoperability between components compiled from
languages as different as ML, Rust, Python, and C, we plan to design a
gradually type-safe target language based on LLVM that supports safe
interoperability between more precisely typed, less precisely typed,
and type-unsafe components. Our approach opens up a new avenue for
exploring sensible language interoperability while also tackling
compiler correctness.
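
The correctness condition described above, written out with notation assumed here for illustration (the abstract itself does not fix any notation): let $s \leadsto t$ mean that source component $s$ compiles to target component $t$, let $\mathrm{link}(t, t')$ denote linking two target components, let $\mathrm{interop}(s, t')$ denote $s$ running against $t'$ under the assumed source/target interoperability semantics, and let $\approx$ be the assumed notion of behavioral equivalence:

$$
\forall s,\, t,\, t'.\quad s \leadsto t \;\Longrightarrow\; \mathrm{link}(t, t') \;\approx\; \mathrm{interop}(s, t')
$$

The quantifier over $t'$ is the whole point: $t'$ ranges over arbitrary target code, including components emitted by other compilers and libraries handwritten in the target language. Taking $t'$ to be empty, and assuming $\mathrm{interop}(s, \emptyset)$ is simply $s$ under the source semantics and $\mathrm{link}(t, \emptyset)$ is simply $t$, the condition collapses to $t \approx s$, which is the whole-program statement that existing verified compilers prove and that the project sets out to generalize.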